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DETAILED ACTION 

1. This office action is in response to the amendment filed March 16, 2005. Claims 
1-32 are presented for examination. 

2. The text of those sections of Title 35, U.S. code not included in this office action 
can be found in a prior office action. 

Claim Objections 

3. Claims 16 and 27 are objected to because of the following informalities: 

a. In line 2 of claim 16, there is no need for a comma preceding "non- 
defeatable". 

b. In line 9 of claim 27, there should be a comma after "buffer". 
Appropriate correction is required. 

Claim Rejections - 35 USC §103 

4. Claims 1-3, 9-11, and 25-32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Cota-Robles et al. (US 2002/0143842) (hereinafter Cota-Robles) 
in view of Mueller et al. (USPN 6,584,612) (hereinafter Mueller). 

5. As per claim 1, Cota-Robles teaches the invention as claimed, including a method 
for controlling input/output [I/O] operations of a user's computer comprising the 
following steps: 
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implementing the user's computer as a virtual machine [VM] (paragraphs 0019- 

0020); 

including a virtual machine monitor [VMM] as a VM-transparent interface 
between the VM and a physical computer system that includes at least one device 
(paragraphs 0019-0020); 

in the VMM: 

sensing a request for an I/O operation between the VM and the device 
(paragraphs 0027, 0029, 0042, 0047); 

performing a transformation of I/O data passing between the VM and the 
device (paragraphs 0015, 0027, 0047); 

the transformation of the I/O data thereby being undefeatable by any user action 
via the VM (paragraphs 0025, 0027, 0029, 0047). 

6. . Mueller teaches the invention as claimed, including a data transformation being 
adjunct to necessary completion of an I/O request (col. 3 lines 43-45, 54-65; col. 6 lines 
58-67). 

7. Cota-Robles discusses application of data transformation to every I/O request 
issued by the virtual machine. This step allows the soft device to interact with hardware 
of the physical machine. Mueller discusses additional features of virtual machines that 
need improvement, i.e. a fast way of loading resources in the form of images, bitmaps, 
etc., without modification of application code. A specialized class loader for particular 
resources embeds specific data in a user display in a manner that is hidden from the user. 
Accordingly, it would have been obvious to one of ordinary skill in the art to combine 
Cota-Robles and Mueller since a specialized class loader would provide many benefits, 
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such as allowing client to quickly load resources without interfering with other 
applications. Alternatively, it could be implemented in a corporate intranet, such that a 
system administrator can easily control the satellite workstation without risk of the user 
circumventing the deployment of data. 

8. As per claim 2, Mueller teaches the invention as claimed, including a method as 
in claim 1, in which: 

the device is a display (paragraph 0015); 

the I/O data is VM display data output from the VM and intended for display 
(paragraphs 0015, 0027, 0029, 0042, 0047); and 

the transformation is a replacement of at least a portion of the VM display data 
with non-defeatable display data stored external to the VM but accessible to the VMM 
(paragraphs 0015, 0027, 0047); 

further including the step of displaying the VM display data with the non- 
defeatable display data overlaid (paragraphs 0015, 0025, 0027, 0029, 0047). 

9. As per claim 3, Cota-Robles teaches the invention as claimed, including a method 
as in claim 1, further including the following steps: 

filtering the I/O data with respect to at least one filtering condition (paragraphs 
0027, 0029, 0042, 0047); and 

performing the transformation of the I/O data only when the filtering condition is 
met (paragraphs 0027, 0029, 0042, 0047). 
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10. As per claim 9, Cota-Robles teaches the invention as claimed, including a method 
as in claim 1, in which the transformation comprises insertion into the I/O data of a 
source indication associated with the VM (paragraphs 0027, 0029, 0042, 0047). 

11. As per claim 10, Cota-Robles teaches the invention as claimed, including a 
method as in claim 1, in which the transformation is time-varying (paragraphs 0015, 
0023). ^ 

12. As per claim 11, Cota-Robles teaches the invention as claimed, including a 
method as in claim 1, in which the device is a network connection device (paragraphs 
0015, 0023). 

13. As per claim 25, Cota-Robles teaches the invention as claimed, including a 
method as in claim 1, in which: 

the VM supports a plurality of I/O modes (paragraphs 0015, 0023); 

the step of filtering is performed on I/O data corresponding to a first one of the 
plurality of I/O modes (paragraphs 0027, 0029, 0042, 0047); and 

the transformation is applied to I/O data in a second one of the I/O modes when 
the I/O data in the first I/O mode satisfies a transformation-triggering criterion 
(paragraphs 0015, 0027, 0029, 0042, 0047). 
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14. As per claim 26, Cota-Robles teaches the invention as claimed, including a 
method as in claim 25, in which the I/O modes include a video mode and an audio mode 
(paragraphs 0015, 0023). 

15. As per claim 27, Cota-Robles teaches the invention as claimed, including a 
method for controlling input/output (I/O) of a user's computer comprising the following 
steps: 

implementing the user's computer as a virtual machine [VM] (paragraphs 0019- 

0020); 

including a virtual machine monitor [VMM] as a VM-transparent interface 
between the VM and a physical computer system that includes at least one device that 
carries out an I/O operation on the basis of device control data (paragraphs 0019-0020, 
0027, 0029, 0042, 0047); 

storing the device control data associated with the VM in a buffer in the VMM 
(paragraphs 0019-0020, 0027, 0029, 0042, 0047); 

upon sensing a transformation command from an administrative system external 
to the VM, entering replacement data into at least a portion of the buffer (paragraphs 
0027, 0029, 0042, 0047); 

the entry of the replacement data thereby being undefeatable by any user action 
via the VM (paragraphs 0025, 0027, 0029, 0047). 

16. Mueller teaches the invention as claimed, including the replacement data entry 
being adjunct to necessary completion of an I/O request (col. 3 lines 43-45, 54-65; col. 6 
lines 58-67). 
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17. As per claim 28, Cota-Robles teaches the invention as claimed, including a 
system for controlling input/output [I/O] operations of a user's computer, comprising: 

a virtual machine [VM] constituting the user's computer (paragraphs 0019-0020); 
a virtual machine monitor [VMM] forming a VM-transparent interface between 
the VM and a physical computer system that includes at least one device (paragraphs 
0019-0020); 

the VMM including means: 

for sensing a request for an I/O operation between the VM and the device 
(paragraphs 0027, 0029, 0042, 0047); and 

for performing a transformation of I/O data passing between the VM and 
the device (paragraphs 0015, 0027, 0047); 

the transformation of the I/O data thereby being undefeatable by any user action 
via the VM (paragraphs 0025, 0027, 0029, 0047). 

18. Mueller teaches the invention as claimed, including a data transformation being 
adjunct to necessary completion of an I/O request (col. 3 lines 43-45, 54-65; col. 6 lines 
58-67). 

19. As per claim 29, Cota-Robles teaches the invention as claimed, including a 
system as in claim 28, in which the device is a display and the I/O data is VM display 
data (paragraph 00 1 5). 
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20. As per claim 30, Cota-Robles teaches the invention as claimed, including a 
system as in claim 29, further comprising: 

a display buffer within the VMM for storing the VM display data that is output 
from the VM and is intended for display (paragraph 00 15,. 0027, 0029, 0042, 0047); and 

transformation means located within the VMM for replacing at least a portion of 
the VM display data stored in the display buffer with non-defeatable display data 
(paragraph 0015, 0027, 0029, 0042, 0047); 

in which the display is provided for displaying the contents of the display buffer 
(paragraphs 0015, 0023, 0027, 0042, 0047). 

21. As per claim 31, Cota-Robles teaches the invention as claimed, including a 
system as in claim 28, in which the device is a data storage device (paragraphs 0015, 
0023). 

22. As per claim 32, Cota-Robles teaches the invention as claimed, including a 
system as in claim 28, in which the device is a network connection device (paragraphs 
0015,0023). 

23. Claims 4-5, 8, and 21-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Cota-Robles in view of Mueller in view of O'Neil et al. (USPN 
5,987,440) (hereinafter O'Neil). 
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24. As per claim 4, O'Neil teaches the invention as claimed, including a method as in 
claim 3, in which the filtering condition is that the I/O data includes at least one restricted 
term (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 

25. It would have been obvious to one of ordinary skill in the art to combine Cota- 
Robles and Mueller with O'Neil since Cota-Robles, while presenting a method of 
representing a processing device in a virtual machine to control input and output, does 
not present specific types of input/output devices, or how certain features therein would 
be implemented. Modern computing is embodied within a networked environment to the 
point where it is nearly commonplace. With this advent in computing, protecting the 
integrity of data is of utmost importance. O'Neil provides a method of protecting 
information security within a virtual private network, or other type of network, such that 
personal data or other sensitive data can be trusted and more securely transferred. 

26. As per claim 5, O'Neil teaches the invention as claimed, including a method as in 
which the filtering condition is that the I/O data is from a restricted source (Abstract, col. 
56 lines 5-40; col. 57 line 60 - col. 58 line 63). 

27. As per claim 8, O'Neil teaches the invention as claimed, including a method as in 
claim 3, in which the filtering condition is the presence in the I/O data of a copy 
protection indication (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 

28. As per claim 21, O'Neil teaches the invention as claimed, including a method as 
in claim 1, in which: 
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the device is a network connection device (Abstract, col. 56 lines 5-40; col. 57 
line 60 -col. 58 line 63); 

the requested I/O operation is a transfer of data between the VM and the network 
connection device (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63); and 

the step of performing the transformation comprises changing at least a portion of 
the data during the transfer between the VM and the network connection device 
(Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 

29. As per claim 22, O'Neil teaches the invention as claimed, including a method as 
in claim 21, in which the step of performing the transformation of the I/O data comprises 
encrypting data written by the VM to the network connection device and decrypting data 
read from the network connection device by the VM (Abstract, col 56 lines 5-40; col. 57 
line 60 - col. 58 line 63). 

30. As per claim 23, O'Neil teaches the invention as claimed, including a method as 
in claim 21 , in which the step of performing the transformation of the I/O data comprises 
compressing data written by the VM to the network connection device and 
decompressing data read from the network connection device by the VM (Abstract, col. 
56 lines 5-40; col. 57 line 60 - col. 58 line 63). 
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31. As per claim 24, O'Neil teaches the invention as claimed, including a method as 
in claim 1, in which the step of performing the transformation of the I/O data comprises 
cryptographic transformation of the I/O data (Abstract, col. 56 lines 5-40; col. 57 line 60 - 
col. 58 line 63). 

32. Claims 6-7 and 15-17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Cota-Robles in view of Mueller in view of Pasieka (USPN 
6,587,945). 

33. As per claim 6, Pasieka teaches the invention as claimed, including a method as in 
claim 3, in which: 

the I/O data includes image data (col. 4 line 58 - col. 5 line 17); 

the step of filtering the I/O data comprises detecting the presence of a 
representation of a target image within the image data (col. 4 line 58 - col. 5 line 17); and 

the transformation is substitution of a representation of a replacement image in 
place of the representation of the target image (col. 4 line 58 - col. 5 line 17). 
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34. It would have been obvious to one of ordinary skill in the art to combine Cota- 
Robles and Mueller with Pasieka since Cota-Robles, while presenting a method of 
representing a processing device in a virtual machine to control input and output, does 
not present specific types of input/output devices, or how certain features therein would 
be implemented. In systems that utilize virtual machines, Internet applications or other 
network computing is very common. Along with this type of processing comes a transfer 
of image data or other display data. While Cota-Robles mentions this type of 
input/output briefly, it does not specifically address how the transmission of these images 
would be protected. Pasieka provides such a method of digitally signing an image before 
it is transferred, such that the origin and integrity of a document or image can be verified 
before it is displayed on a user's screen. 

35. As per claim 7, Pasieka teaches the invention as claimed, including a method as in 
claim 6, in which: 

the I/O data is in a non-character image format (col. 4 line 58 - col. 5 line 17); 
the target image is a representation of a restricted character string (col. 4 line 58 - 
col. 5 line 17); and 

the step of filtering the I/O data comprises applying character recognition to the 
I/O data (col. 4 line 58 - col. 5 line 17). 

36. As per claim 15, Pasieka teaches the invention as claimed, including a method as 
in claim 1, in which: 

the device is a display (col. 4 line 58 - col. 5 line 17); 
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the display renders data stored in a display map (col. 4 line 58 - col. 5 line 17); 

and 

the step of performing the transformation comprises altering a selected portion of 
the display map (col. 4 line 58 - col. 5 line 17). 

37. As per claim 16, Pasieka teaches the invention as claimed, including a method as 
in claim 15, in which the step of altering the selected portion of the display data 
comprises substituting non-defeatable display data for the selected portion (col. 4 line 58 
- col. 5 line 17). 

38. As per claim 17, Pasieka teaches the invention as claimed, Including a method as 
in claim 15, in which the step of altering the selected portion of the display data 
comprises changing all occurrences in the display map of a display color to a replacement 
color (col. 6 lines 15-54). 

39. Claims 12-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Cota-Robles in view of Mueller in view of Narlikar et al. (US 2002/0069241). 

40. As per claim 12, Narlikar teaches the invention as claimed, including a method as 
in claim 11, in which the transformation is a bandwidth limiting of the I/O data being 
transferred between the VM and the network connection device (Abstract, paragraphs 
0003-0005, 0012, 0019). 
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41. It would have been obvious to one of ordinary skill in the art to combine Cota- 
Robles and Mueller with Narlikar since in a networked computing environment, 
processing bottlenecks can lead to loss of data, inconsistent processing, or other failures. 
This particular type of input/output processing must be accounted for in a network 
environment. Often, such issues are handled by proxy servers that distribute loads evenly 
among servers, such that one node does not handle an excessive amount of requests. 
Pasieka provides such a proxy method, wherein if a request is directed to a heavily loaded 
node, the request is redirected to a proxy server, which determines the best way to 
distribute that request. Thus, processing throughput can be improved giving rise to more 
reliable and efficient processing. 

42. As per claim 13, Narlikar teaches the invention as claimed, including a method as 
in claim 11, in which: 

the requested I/O operation is a transfer of the I/O data between the VM and the 
network connection device (Abstract, paragraphs 0003-0005, 0012, 0019); and 

the transformation is a time delay of the transfer (Abstract, paragraphs 0003-0005, 
0012, 0019). 

43. As per claim 14, Narlikar teaches the invention as claimed, including a method as 
in claim 1 1, in which: 

the requested I/O operation is a transfer of the I/O data from the VM to a first 
destination address via the network connection device (Abstract, paragraphs 0003-0005, 
0012, 0019); 
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the transformation is a redirection of the I/O data to a second destination address 
different from the first (Abstract, paragraphs 0003-0005, 0012, 0019). 

44. Claims 18-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Cota-Robles in view of Mueller in view of Samar (US 2002/0078049). 

45. As per claim 18, Samar teaches the invention as claimed, including a method as in 
claim 1, in which: 

the device is a data storage device (Abstract, 0029, 0030, 0040, 0041); 

the requested I/O operation is a transfer of data between the VM and the storage 
device (Abstract, 0029, 0030, 0040, 0041); and 

the step of performing the transformation comprises changing at least a portion of 
the data during the transfer between the VM and the storage device (Abstract, 0029, 
0030, 0040, 0041). 

46. It would have been obvious to one of ordinary skill in the art to combine Cota- 
Robles and Mueller with Samar since Cota-Robles, while presenting a method of 
representing a processing device in a virtual machine to control input and output, does 
not present specific types of input/output devices, or how certain features therein would 
be implemented. Modern computing utilizes data stores and databases to store sensitive 
data. With this advent in computing, protecting the integrity of the data is of utmost 
importance. Samar provides a method of determining if data that is to be stored is of a 
sensitive nature, and if so, encrypting the data such that it can be protected against 
unauthorized access. 
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47. As per claim 19, Samar teaches the invention as claimed, including a method as in 
claim 18, in which the step of performing the transformation of the I/O data comprises 
encrypting data written by the VM to the data storage device and decrypting data read 
from the data storage device by the VM (Abstract, 0029, 0030, 0040, 0041). 

48. As per claim 20, Samar teaches the invention as claimed, including a method as in 
claim 18, in which the step of performing the transformation of the I/O data comprises 
compressing data written by the VM to the data storage device and decompressing data 
read from the data storage device by the VM (Abstract, 0029, 0030, 0040, 0041). 

Response to Arguments 

49. Applicant's arguments with respect to claims 1-32 have been considered but 
are moot in view of the new grounds of rejection. 

Conclusion 

50. Applicant's amendment necessitated the new grounds of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 

( 
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mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Syed J Ali whose telephone number is (571) 272-3769. 
The examiner can normally be reached on Mon-Fri 8-5:30, 2nd Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Meng-Ai T An can be reached on (571) 272-3756. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Syed Ah 
May 23, 2005 





TECHNOLOGY CEflTER St 00 



